FAQs

CDD should be based on risk. The amount of information and verification required depends on the level of financial crime risk, including ML, TF, and PF risk posed by the applicant for business or customer. Accordingly, an FI or DNFBP must first assess the risk and rate each applicant for business or customer. This initial customer risk assessment will help the FI or DNFBP determine how much information to collect and verify during the CDD process, including:

• the reduced simplified CDD measures that may be applied for low-risk applicants or customers (as described in the FAQ – What is Simplified Customer Due Diligence); and
• any additional enhanced CDD measures that must be applied for higher risk applicants or customers (as described in the FAQ – What is Enhanced Customer Due Diligence).

Not all customers within a risk category are the same, as they may pose different types of risks (e.g. higher risks based on geographic exposure, or higher risk based on business activities). Consequently, the level and type of CDD, enhanced CDD, or simplified CDD applied for an applicant for business or a customer should take into account the particular circumstances of each applicant for business or customer, on a case-by-case basis.

Simplified CDD, are reduced due diligence measures that may be applied by FIs or DNFBPs to customers that have been assessed as posing a low risk in terms of business relationship, which includes considering the ML, TF, and PF risks identified by a Virgin Islands’ national risk assessment or a risk assessment conducted by a relevant authority (see section 19 (7) of the AMLTF Code of Practice).

To make this determination, the FI or DNFBP may consider applicable factors such as:

• the source of fixed income;
• whether the customer is a:
  • financial institution regulated for AML/CFT/CPF compliance;
  • publicly listed company subject to regulatory disclosure requirements;
  • government statutory body;
• life insurance policies with annual premiums of $1,000 or less;
• pension scheme insurance policies with no surrender clause and cannot be used as collateral;
• where the body corporate is part of a group that is subject to and adequately supervised for AML/CFT/CPF compliance consistent with FATF Recommendations; and
• other factors included in section 19 (6) of the AMLTF Code Practice.

Where such low risk is determined, the due diligence measures outlined in sections 19 (2), (3) and 4(b) may be applied in a simplified manner.

Enhanced CDD (ECDD), as defined by section 20 (1) of the AMLTF Code of Practice, refers to the additional steps an FI or DNFBP is required to take when dealing with applicants for business, customers, and one-off transactions that present a higher risk. ECDD may include:

• undertaking research to understand the background and the business of the applicant for business or customer, and verifying this information (e.g. using open-source intelligence available through public databases, websites etc.);
• obtaining evidentiary documentation to confirm the source of funds or source of wealth of the applicant for business or customer, including the beneficial owners, and verifying this information (e.g. asset and income declarations);
• obtaining senior management approval to commence or continue the business relationship with a higher risk applicant for business or customer;
• requiring senior management sign-off when engaging in transactions with a higher risk applicant for business or customer; and
• conducting enhanced monitoring of the business relationship (e.g. increasing the number and timing of controls applied and frequency of reviews, obtaining information on the reasons for a particular transaction, and selecting patterns of transactions that need further examination).

Each FI or DNFBP should adapt the enhanced measures based on the specific risks associated with its customer base.

During the conduct of CDD, unusual transactions and activities (including attempted transactions and activities) may be identified. Section 18 of the AMLTF Code of Practice requires employees of FIs and DNFBPs to report such instances to the Money Laundering Reporting Officer (“the Reporting Officer”), who is required to investigate those details and determine if a report needs to be made to the Financial Investigation Agency (FIA). This includes where an applicant for business or customer fails to provide sufficient evidence to verify their identity.

Section 17 of the AMLTF Code of Practice stipulates the Reporting Officer’s duty to report all suspicious customers or activities associated with ML, TF or PF to the FIA. Refer to the separate Suspicious Activities Reporting (SAR) FAQs for further guidance.  

Section 25 (2) of the AMLTF Code of Practice stipulates that FIs and DNFBPs must obtain proof of existence of the legal person and information regarding:

• full name and any trading name;
• official registration or other identification number;
• date and place of incorporation, registration, or formation, and legal form;
• address of its registered office in the country of incorporation and its mailing address, if different;
• address of its registered agent to whom correspondence may be sent and the mailing address of its registered agent, if different;
• principal place of business and the type of business engaged in;
• the powers that regulate and bind the legal person, as well as the names of the relevant persons having a senior management position; and
• the ownership and control structure of the legal person, including direct and indirect ownership.

In addition, FIs and DNFBPs must:

• identify and verify the identities of each beneficial owner, each director, partner, or similar position, and any person acting on behalf of the legal person; and
• understand the nature of the legal person’s business and its ownership and control structure.